If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Sorry wrong group... has been posted to correct group

"Jack" <no@mail.com> wrote:
>
>I'm ramping up on MTS and have some confusion on the use of the security
model.
>
>Tell me where I go wrong:
>
>When the client program (object) connects to the MTS object, it is authenticated
>to a role based on the user's NT account (i.e. user name/password). Now
>it is discouraged to use impersonation to authenticate to the third tier
>(i.e database) because of overheard. So how does one ensure that the user's
>role has permission to talk to the third tier? Is it setup simply such
that
>if the user can access the component, they can use it's functionality or
>can the model be extended such that the DB further authenticates based on
>the role? For example, can the DB be aware of the role also authenticate
>on it's own using the role? For example, if a component has the role "accountant"
>can the DB's security be set to lock out the "accountant" role? I imagine
>the DB cannot be made aware of the role but I would appreciate clarification
>on this point.
>
>Another way to frame this question is: With impersonation the 2nd tier
and
>the third tier each authenticate the user. When a role is used, the 2nd
>tier authenticates the user but what happens in the third tier? Does/can
>the third tire authenticate the role?
>
>Thanks,
>Jack
>